Example 1 with SamlAssertion
use of com.intel.mtwilson.saml.SamlAssertion in project OpenAttestation by OpenAttestation.
the class HostTrustBO method getTrustWithSaml.
public String getTrustWithSaml(TblHosts tblHosts, String hostId, String hostAttestationUuid) {
try {
//String location = hostTrustBO.getHostLocation(new Hostname(hostName)).location; // example: "San Jose"
//HostTrustStatus trustStatus = hostTrustBO.getTrustStatus(new Hostname(hostName)); // example: BIOS:1,VMM:1
TblSamlAssertion tblSamlAssertion = new TblSamlAssertion();
TxtHost host = getHostWithTrust(tblHosts, hostId, tblSamlAssertion);
tblSamlAssertion.setAssertionUuid(hostAttestationUuid);
tblSamlAssertion.setBiosTrust(host.isBiosTrusted());
tblSamlAssertion.setVmmTrust(host.isVmmTrusted());
// We need to add the Asset tag related data only if the host is provisioned for it. This is done
// by verifying in the asset tag certificate table.
X509AttributeCertificate tagCertificate;
AssetTagCertBO atagCertBO = new AssetTagCertBO();
MwAssetTagCertificate atagCertForHost = atagCertBO.findValidAssetTagCertForHost(tblSamlAssertion.getHostId().getId());
if (atagCertForHost != null) {
log.debug("Host has been provisioned in the system with a TAG.");
tagCertificate = X509AttributeCertificate.valueOf(atagCertForHost.getCertificate());
} else {
log.debug("Host has not been provisioned in the system with a TAG.");
tagCertificate = null;
}
// if (tblHosts.getBindingKeyCertificate() != null && !tblHosts.getBindingKeyCertificate().isEmpty()) {
// host.setBindingKeyCertificate(tblHosts.getBindingKeyCertificate());
// }
SamlAssertion samlAssertion = getSamlGenerator().generateHostAssertion(host, tagCertificate, null);
// We will check if the asset-tag was verified successfully for the host. If so, we need to retrieve
// all the attributes for that asset-tag and send it to the saml generator.
/* X509AttributeCertificate tagCertificate = null;
if (host.isAssetTagTrusted()) {
AssetTagCertBO atagCertBO = new AssetTagCertBO();
MwAssetTagCertificate atagCertForHost = atagCertBO.findValidAssetTagCertForHost(tblSamlAssertion.getHostId().getId());
if (atagCertForHost != null) {
tagCertificate = X509AttributeCertificate.valueOf(atagCertForHost.getCertificate());
// atags.add(new AttributeOidAndValue("UUID", atagCertForHost.getUuid())); // should already be the "Subject" attribute of the certificate, if not then we need to get it from one of the cert attributes
}
}
SamlAssertion samlAssertion = getSamlGenerator().generateHostAssertion(host, tagCertificate);
*/
log.debug("Expiry {}", samlAssertion.expiry_ts.toString());
tblSamlAssertion.setSaml(samlAssertion.assertion);
tblSamlAssertion.setExpiryTs(samlAssertion.expiry_ts);
tblSamlAssertion.setCreatedTs(samlAssertion.created_ts);
// TrustReport hostTrustReport = getTrustReportForHost(tblHosts, tblHosts.getName());
// tblSamlAssertion.setTrustReport(mapper.writeValueAsString(hostTrustReport));
// logTrustReport(tblHosts, hostTrustReport); // Need to cache the attestation report ### v1 requirement to log to mw_ta_log
getSamlAssertionJpaController().create(tblSamlAssertion);
return samlAssertion.assertion;
} catch (ASException e) {
// We override that here to give more specific codes when possible:
if (e.getErrorCode().equals(ErrorCode.AS_HOST_NOT_FOUND)) {
throw new WebApplicationException(Status.NOT_FOUND);
}
/*
* if( e.getErrorCode().equals(ErrorCode.TA_ERROR)) { throw new
* WebApplicationException(Status.INTERNAL_SERVER_ERROR); }
*
*/
throw e;
} catch (Exception ex) {
// throw new ASException( e);
log.error("Error during retrieval of host trust status.", ex);
throw new ASException(ErrorCode.AS_HOST_TRUST_ERROR, ex.getClass().getSimpleName());
}
}
Also used :
WebApplicationException(javax.ws.rs.WebApplicationException)
SamlAssertion(com.intel.mtwilson.saml.SamlAssertion)
TblSamlAssertion(com.intel.mtwilson.as.data.TblSamlAssertion)
AssetTagCertBO(com.intel.mtwilson.as.business.AssetTagCertBO)
TblSamlAssertion(com.intel.mtwilson.as.data.TblSamlAssertion)
MwAssetTagCertificate(com.intel.mtwilson.as.data.MwAssetTagCertificate)
ASException(com.intel.mountwilson.as.common.ASException)
ASException(com.intel.mountwilson.as.common.ASException)
WebApplicationException(javax.ws.rs.WebApplicationException)
ConfigurationException(org.apache.commons.configuration.ConfigurationException)
CryptographyException(com.intel.mtwilson.crypto.CryptographyException)
IOException(java.io.IOException)
UnknownHostException(java.net.UnknownHostException)
Example 2 with SamlAssertion
use of com.intel.mtwilson.saml.SamlAssertion in project OpenAttestation by OpenAttestation.
the class HostTrustBO method getTrustWithSaml.
/**
* Returns a multi-host SAML assertion. It's similar to getTrustWithSaml(TblHosts,String)
* but it does NOT save the generated SAML assertion.
*/
public String getTrustWithSaml(Collection<TblHosts> tblHostsCollection) {
try {
//String location = hostTrustBO.getHostLocation(new Hostname(hostName)).location; // example: "San Jose"
//HostTrustStatus trustStatus = hostTrustBO.getTrustStatus(new Hostname(hostName)); // example: BIOS:1,VMM:1
ArrayList<TxtHostWithAssetTag> hostList = new ArrayList<>();
for (TblHosts tblHosts : tblHostsCollection) {
// these 3 lines equivalent of getHostWithTrust without a host-specific saml assertion table record to update
HostTrustStatus trust = getTrustStatus(tblHosts, tblHosts.getUuid_hex());
TxtHostRecord data = createTxtHostRecord(tblHosts);
TxtHost host = new TxtHost(data, trust);
// We need to add the Asset tag related data only if the host is provisioned for it. This is done
// by verifying in the asset tag certificate table.
X509AttributeCertificate tagCertificate;
AssetTagCertBO atagCertBO = new AssetTagCertBO();
MwAssetTagCertificate atagCertForHost = atagCertBO.findValidAssetTagCertForHost(tblHosts.getHardwareUuid());
if (atagCertForHost != null) {
tagCertificate = X509AttributeCertificate.valueOf(atagCertForHost.getCertificate());
} else {
tagCertificate = null;
}
/*
// We will check if the asset-tag was verified successfully for the host. If so, we need to retrieve
// all the attributes for that asset-tag and send it to the saml generator.
X509AttributeCertificate tagCertificate = null;
if (host.isAssetTagTrusted()) {
AssetTagCertBO atagCertBO = new AssetTagCertBO();
MwAssetTagCertificate atagCertForHost = atagCertBO.findValidAssetTagCertForHost(tblHosts.getHardwareUuid());
if (atagCertForHost != null) {
tagCertificate = X509AttributeCertificate.valueOf(atagCertForHost.getCertificate());
// atags.add(new AttributeOidAndValue("UUID", atagCertForHost.getUuid())); // should already be the "Subject" attribute of the certificate, if not then we need to get it from one of the cert attributes
}
}*/
TxtHostWithAssetTag hostWithAssetTag = new TxtHostWithAssetTag(host, tagCertificate);
hostList.add(hostWithAssetTag);
}
SamlAssertion samlAssertion = getSamlGenerator().generateHostAssertions(hostList);
log.debug("Expiry {}", samlAssertion.expiry_ts.toString());
return samlAssertion.assertion;
} catch (ASException e) {
// We override that here to give more specific codes when possible:
if (e.getErrorCode().equals(ErrorCode.AS_HOST_NOT_FOUND)) {
throw new WebApplicationException(Status.NOT_FOUND);
}
/*
* if( e.getErrorCode().equals(ErrorCode.TA_ERROR)) { throw new
* WebApplicationException(Status.INTERNAL_SERVER_ERROR); }
*
*/
throw e;
} catch (Exception ex) {
// throw new ASException( e);
log.error("Error during retrieval of host trust status.", ex);
throw new ASException(ErrorCode.AS_HOST_TRUST_ERROR, ex.getClass().getSimpleName());
}
}
Also used :
TxtHostWithAssetTag(com.intel.mtwilson.saml.TxtHostWithAssetTag)
WebApplicationException(javax.ws.rs.WebApplicationException)
SamlAssertion(com.intel.mtwilson.saml.SamlAssertion)
TblSamlAssertion(com.intel.mtwilson.as.data.TblSamlAssertion)
AssetTagCertBO(com.intel.mtwilson.as.business.AssetTagCertBO)
ArrayList(java.util.ArrayList)
ASException(com.intel.mountwilson.as.common.ASException)
WebApplicationException(javax.ws.rs.WebApplicationException)
ConfigurationException(org.apache.commons.configuration.ConfigurationException)
CryptographyException(com.intel.mtwilson.crypto.CryptographyException)
IOException(java.io.IOException)
UnknownHostException(java.net.UnknownHostException)
TblHosts(com.intel.mtwilson.as.data.TblHosts)
MwAssetTagCertificate(com.intel.mtwilson.as.data.MwAssetTagCertificate)
ASException(com.intel.mountwilson.as.common.ASException)
Aggregations
ASException (com.intel.mountwilson.as.common.ASException)2
AssetTagCertBO (com.intel.mtwilson.as.business.AssetTagCertBO)2
MwAssetTagCertificate (com.intel.mtwilson.as.data.MwAssetTagCertificate)2
TblSamlAssertion (com.intel.mtwilson.as.data.TblSamlAssertion)2
CryptographyException (com.intel.mtwilson.crypto.CryptographyException)2
SamlAssertion (com.intel.mtwilson.saml.SamlAssertion)2
IOException (java.io.IOException)2
UnknownHostException (java.net.UnknownHostException)2
WebApplicationException (javax.ws.rs.WebApplicationException)2
ConfigurationException (org.apache.commons.configuration.ConfigurationException)2
TblHosts (com.intel.mtwilson.as.data.TblHosts)1
TxtHostWithAssetTag (com.intel.mtwilson.saml.TxtHostWithAssetTag)1
ArrayList (java.util.ArrayList)1
